subtree updates
meta-arm: 1dff3300fb..0b61cc659a:
Ross Burton (1):
meta-arm/selftest: add test that PAC/BTI instructions are used
meta-openembedded: 991e6852a5..5ad7203f68:
Alexander Kanavin (1):
fio: revert "fio: upgrade 3.32 -> 2022"
BELOUARGA Mohamed (1):
monocypher: add crypto library recipe
Dylan Turner (1):
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Hongxu Jia (1):
freeradius: make sub packages to runtime depends on freeradius
Kai Kang (1):
libnma: remove conflict xml file
Khem Raj (12):
nlohmann-json: Fix SRCREV_FORMAT and do not package git metadata into ptests
ptest-packagelists-meta-oe.inc: Move poco to slow tests
sdbus-c++-libsystemd: Upgrade to 254
sdbus-c++-tools: Upgrade to 1.4.0
gstd: Fix systemd user unit packaging
basu: Update to latest master
sdbus-c++: Install ptests into PTEST_PATH
liblognorm:Add asprintf to autoconf function check macro
gnome-console,gnome-terminal: Depend on vte from core layer
Revert "gnome-terminal: Remove recommendation on vte-prompt"
vte9: Drop recipe
basu: Update the SRCREV to get lld fix
Luca Fancellu (1):
linuxptp: Update downstream patches
Markus Volk (9):
libcacard: fix version string in libcacard.pc
cups-filters: fix Makefile race condition
system-config-printer: Add packageconfig for polkit
pipewire: upgrade 0.3.85 > 1.0.0
libcacard: set meson version based on PV
spice: Set meson version based on PV
spice-gtk: Set meson version based on PV
libdecor: update 0.2.0 -> 0.2.1
xdg-desktop-portal-gnome: upgrade 45.0 -> 45.1
Naveen Saini (2):
tbb: upgrade 2021.9.0 -> 2021.11.0
tbb: enable NUMA/Hybrid CPU support
Patrick Wicki (6):
squid: update from v5.7 to v6.5
squid: add nm dispatcher reload hook
squid: add auth packageconfig
squid: move configs to sub package
squid: add url-rewrite-helpers packageconfig
squid: add systemd service
Patrick Williams (1):
glog: Disable 64bit atomics on armv{5,6}
Peter Kjellerstedt (1):
redis: Inherit pkgconfig
Ross Burton (1):
python3-validators: add new recipe
Wang Mingyu (26):
ctags: upgrade 6.0.20231119.0 -> 6.0.20231126.0
dnfdragora: upgrade 2.1.4 -> 2.1.5
gensio: upgrade 2.7.7 -> 2.8.0
frr: upgrade 9.0.1 -> 9.1
capnproto: upgrade 1.0.1 -> 1.0.1.1
libbpf: upgrade 1.2.2 -> 1.3.0
paho-mqtt-cpp: upgrade 1.2.0 -> 1.3.1
tomoyo-tools: upgrade 2.5.0 -> 2.6.1
python3-aiohttp: upgrade 3.9.0 -> 3.9.1
python3-bitstring: upgrade 4.1.2 -> 4.1.3
python3-dbus-fast: upgrade 2.14.0 -> 2.15.0
python3-humanize: upgrade 4.8.0 -> 4.9.0
python3-ipython: upgrade 8.17.2 -> 8.18.0
python3-mypy: upgrade 1.7.0 -> 1.7.1
python3-pdm: upgrade 2.10.3 -> 2.10.4
python3-pexpect: upgrade 4.8.0 -> 4.9.0
python3-pychromecast: upgrade 13.0.7 -> 13.0.8
python3-pydantic: upgrade 2.5.1 -> 2.5.2
python3-pymisp: upgrade 2.4.178 -> 2.4.179
python3-pytest-xdist: upgrade 3.4.0 -> 3.5.0
python3-sentry-sdk: upgrade 1.35.0 -> 1.37.1
python3-types-setuptools: upgrade 68.2.0.1 -> 68.2.0.2
python3-virtualenv: upgrade 20.24.6 -> 20.24.7
redis: upgrade 7.2.2 -> 7.2.3
ser2net: upgrade 4.5.1 -> 4.6.0
thingsboard-gateway: upgrade 3.4.2 -> 3.4.3.1
alperak (12):
squashfs-tools-ng: upgrade 1.1.4 -> 1.2.0
tmate: Fix finding msgpack 6+
msgpack-c: upgrade 4.0.0 -> 6.0.0
msgpack-cpp: upgrade 4.1.1 -> 6.1.0
brotli: upgrade 1.0.9 -> 1.1.0
icewm: upgrade 2.9.9 -> 3.4.4
iotop: upgrade 1.21 -> 1.25
liblognorm: upgrade 1.0.1 -> 2.0.6
libmodbus: upgrade 3.1.7 -> 3.1.10
libpwquality: upgrade 1.4.4 -> 1.4.5
libspiro: upgrade 20200505 -> 20221101
gtkwave: upgrade 3.3.111 -> 3.3.117
poky: 2696bf8cf3..028b6f6226:
Adrian Freihofer (1):
cmake-qemu.bbclass: support qemu for cmake
Alassane Yattara (9):
bitbake: toaster/tests: Update methods wait_until_~ to skip using time.sleep
bitbake: toaster/tests: Override table edit columns TestCase from image recipe page
bitbake: toaster/tests: Test software recipe page
bitbake: toaster/tests: Added Machine page TestCase
bitbake: toaster/tests: Added Layers page TestCase
bitbake: toaster/tests: Added distro page TestCase
bitbake: toaster/tests: Bug-fix on tests/functional/test_project_page
bitbake: toaster/tests: Test single layer page
bitbake: toaster/tests: Test single recipe page
Alex Kiernan (4):
rust: Delete python2 configparser code path
rust: Drop TARGET_VENDOR export
eudev: Upgrade 3.2.12 -> 3.2.14
rust: Drop targets and hosts override magic
Alexander Kanavin (15):
python3-pyproject-hooks: fix upstream version check
cmake: upgrade 3.27.5 -> 3.27.7
desktop-file-utils: upgrade 0.26 -> 0.27
erofs-utils: upgrade 1.6 -> 1.7.1
webkitgtk: update 2.40.5 -> 2.42.2
epiphany: upgrade 44.6 -> 45.1
virglrenderer: upgrade 0.10.4 -> 1.0.0
libxkbcommon: upgrade 1.5.0 -> 1.6.0
mpg123: upgrade 1.31.3 -> 1.32.3
icu: upgrade 73-2 -> 74-1
p11-kit: upgrade 0.25.0 -> 0.25.2
glib-2.0: install gio-querymodules into bindir as well as libexecdir for native
meson: update 1.2.2 -> 1.3.0
repo: update 2.37 -> 2.39
rt-tests: update 2.5 -> 2.6
Bruce Ashfield (1):
lttng-modules: fix build for v6.7+
Changhyeok Bae (1):
iptables: upgrade 1.8.9 -> 1.8.10
Charlie Johnston (2):
bitbake.conf: Add gsutil as hosttool for gcp fetcher.
bitbake: fetch2: Ensure GCP fetcher checks if file exists before download.
Jan Vermaete (1):
systemd: fixed typo
Joao Marcos Costa (1):
documentation.conf: fix do_menuconfig description
Joshua Watt (2):
bitbake: bitbake-hashclient: Add commands to get hashes
bitbake: hashserv: sqlite: Ensure sync propagates to database connections
Julien Stephan (6):
devtool: fix update-recipe dry-run mode
lib/oe/recipeutils.py: remove trailing white-spaces
devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM
devtool: tag all submodules
devtool: add support for git submodules
oeqa/selftest/devtool: add test for git submodules
Justin Bronder (1):
contributor-guide: add License-Update tag
Kareem Zarka (2):
wic: bootimg-efi: Make kernel image installation configurable
oeqa/selftest/wic: Add tests for kernel image installation
Khem Raj (8):
shared-mime-info: Fix build with clang-17+
libsoup-2.4: Fix build with clang-17 and libxml2-2.12
busybox: Enable utmp support on musl systems
virglrenderer: Fix build with clang
llvm: Upgrade to 17.0.6
rust-common.bbclass: Define rust arch for x32 platforms
vte: Upgrade to 0.74.1
vte: Separate out gtk4 pieces of vte into individual packages
Lee Chee Yang (3):
wic: add test for partition hidden attributes
migration-guides: add release notes for 4.3.1
openssl: upgrade to 3.2.0
Malte Schmidt (1):
wic: rawcopy: add support for zstd decompression
Marco Felsch (1):
json-c: fix icecc compilation
Markus Volk (3):
bluez5: fix connection for ps5/dualshock controllers
cups: Add root,sys,wheel to system groups
vte: upgrade 0.72.2 -> 0.74.0
Martin Hundeb?ll (1):
libpam: split /etc/environment into pam-plugin-env package
Matsunaga-Shinji (1):
cve-check: Modify judgment processing using "=" in version comparison
Michael Opdenacker (4):
systemd-compat-units.bb: fix postinstall script
dev-manual: layers: update link to YP Compatible form
contributor-guide: fix command option
migration-guides: release 3.5 is actually 4.0
Niko Mauno (1):
rust-llvm: Allow overriding LLVM target archs
Patrick Williams (1):
shared-mime-info-native: handle old GCC for AlmaLinux8
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Richard Haar (1):
bitbake: bitbake: tests: Fix duplicate test_underscore_override test
Richard Purdie (2):
bitbake: ui/ncurses: Add missing function call to avoid traceback
bitbake: cooker: Avoid eventlog variable listing lockups
Robert Yang (2):
gnu-config: Update to latest revision
gettext: Upgrade 0.22 -> 0.22.3
Ross Burton (3):
core-image-minimal-initramfs: don't install a kernel into the initramfs
autoconf: upgrade to 2.72d
Revert "cve-check: Modify judgment processing using "=" in version comparison"
Sundeep KOKKONDA (3):
rust: Split rustdoc into a separate package
glibc: stable 2.38 branch updates
binutils: stable 2.41 branch updates
Tim Orling (8):
python3-sphinxcontrib-applehelp: 1.0.4 -> 1.0.7
python3-sphinxcontrib-devhelp: 1.0.2 -> 1.0.5
python3-sphinxcontrib-htmlhelp: 2.0.1 -> 2.0.4
python3-sphinxcontrib-qthelp: 1.0.3 -> 1.0.6
python3-sphinxcontrib-serializinghtml: 1.1.5 -> 1.1.9
vim: upgrade 9.0.2068 -> 9.0.2130
python3-cryptography-vectors: add RECIPE_NO_UPDATE_REASON
python3-cryptography{-vectors}: 41.0.5 -> 41.0.7
Trevor Gamblin (2):
python3-ptest: skip test_storlines
patchtest: shorten patch signed-off-by test output
Viswanath Kraleti (1):
systemd-boot: Fix build issues on armv7a-linux
Wang Mingyu (27):
bind: upgrade 9.18.19 -> 9.18.20
diffoscope: upgrade 251 -> 252
ell: upgrade 0.59 -> 0.60
git: upgrade 2.42.1 -> 2.43.0
gnutls: upgrade 3.8.1 -> 3.8.2
libdrm: upgrade 2.4.117 -> 2.4.118
libgcrypt: upgrade 1.10.2 -> 1.10.3
libksba: upgrade 1.6.4 -> 1.6.5
libxslt: upgrade 1.1.38 -> 1.1.39
log4cplus: upgrade 2.1.0 -> 2.1.1
python3-certifi: upgrade 2023.7.22 -> 2023.11.17
python3-setuptools: upgrade 68.2.2 -> 69.0.2
python3-wcwidth: upgrade 0.2.9 -> 0.2.11
python3-hypothesis: upgrade 6.89.0 -> 6.90.0
python3-pyasn1: upgrade 0.5.0 -> 0.5.1
python3-scons: upgrade 4.5.2 -> 4.6.0
python3-urllib3: upgrade 2.0.7 -> 2.1.0
ethtool: upgrade 6.5 -> 6.6
gi-docgen: upgrade 2023.1 -> 2023.3
init-system-helpers: upgrade 1.65.2 -> 1.66
libsolv: upgrade 0.7.26 -> 0.7.27
python3-idna: upgrade 3.4 -> 3.6
ofono: upgrade 2.1 -> 2.2
python3-sphinx-rtd-theme: upgrade 1.3.0 -> 2.0.0
python3-trove-classifiers: upgrade 2023.11.14 -> 2023.11.22
python3-wheel: upgrade 0.41.3 -> 0.42.0
resolvconf: upgrade 1.91 -> 1.92
Xiangyu Chen (2):
shadow: Fix for CVE-2023-4641
bash: changes to SIGINT handler while waiting for a child
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
meta-raspberrypi: 8231f97534..fde68b24f0:
Lorenzo Arena (1):
docs: fix syntax for overriding fs type for initramfs image
Change-Id: Idc6f6b1e913442bae03dfec9f207924c56f31056
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
index 4f14985..ead8758 100644
--- a/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
+++ b/meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-printing/system-config-printer/system-config-printer_1.5.18.bb
@@ -13,8 +13,9 @@
DEPENDS = "cups glib-2.0 libusb xmlto-native desktop-file-utils-native autoconf-archive-native"
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd polkit', d)}"
PACKAGECONFIG[systemd] = ",--without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[polkit] = ",,,cups-pk-helper"
do_configure:prepend() {
# This file is not provided if fetching from git but required for configure
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb
index e38ef2b..e3730cf 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb
@@ -286,5 +286,12 @@
RDEPENDS:${PN} += "perl"
RDEPENDS:${PN}-utils = "${PN} perl"
+RDEPENDS:${PN}-krb5 = "${PN}"
+RDEPENDS:${PN}-ldap = "${PN}"
+RDEPENDS:${PN}-mysql = "${PN}"
+RDEPENDS:${PN}-perl = "${PN}"
+RDEPENDS:${PN}-postgresql = "${PN}"
+RDEPENDS:${PN}-python = "${PN}"
+RDEPENDS:${PN}-unixodbc = "${PN}"
CLEANBROKEN = "1"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch
index acebd6d..a478dcd 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/0001-configure-Check-for-Wno-error-format-truncation-comp.patch
@@ -1,4 +1,4 @@
-From c21adbb0b230ffba97cf5d059e2bd024e13a37df Mon Sep 17 00:00:00 2001
+From 38e7e90cc2075952c1b74f5fca826f9c6cadb2f0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 22 Apr 2017 11:54:57 -0700
Subject: [PATCH] configure: Check for -Wno-error=format-truncation compiler
@@ -13,8 +13,8 @@
---
Upstream-Status: Pending
- acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++++++++++
- configure.ac | 2 ++
+ acinclude/ax_check_compile_flag.m4 | 74 ++++++++++++++++++++++++++++++
+ configure.ac | 2 +
2 files changed, 76 insertions(+)
create mode 100644 acinclude/ax_check_compile_flag.m4
@@ -99,20 +99,20 @@
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/configure.ac b/configure.ac
-index ff4688c..9382fdf 100644
+index 2543676..4635474 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -26,6 +26,7 @@ m4_include([acinclude/pkg.m4])
+@@ -28,6 +28,7 @@ m4_include([acinclude/pkg.m4])
+ m4_include([acinclude/tdb.m4])
m4_include([acinclude/lib-checks.m4])
- m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4])
- m4_include([acinclude/ax_cxx_0x_types.m4])
+ m4_include([acinclude/ax_cxx_compile_stdcxx.m4])
+m4_include([acinclude/ax_check_compile_flag.m4])
HOSTCXX="$BUILD_CXX"
PRESET_CFLAGS="$CFLAGS"
-@@ -44,6 +45,7 @@ AC_PROG_CXX
+@@ -59,6 +60,7 @@ AC_USE_SYSTEM_EXTENSIONS
+
AC_LANG([C++])
- AC_CANONICAL_HOST
+AX_CHECK_COMPILE_FLAG([-Werror=format-truncation],[CFLAGS="$CFLAGS -Wno-error=format-truncation" CXXFLAGS="$CXXFLAGS -Wno-error=format-truncation"])
# Clang 3.2 on some CPUs requires -march-native to detect correctly.
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch
new file mode 100644
index 0000000..56c91de
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/0002-squid-make-squid-conf-tests-run-on-target-device.patch
@@ -0,0 +1,74 @@
+From cd8bf8a4bf881f84c23a5fc1f48bb716efa51512 Mon Sep 17 00:00:00 2001
+From: Patrick Wicki <patrick.wicki@siemens.com>
+Date: Wed, 22 Nov 2023 15:35:44 +0100
+Subject: [PATCH] squid: make squid-conf-tests run on target device
+
+* Fix paths to allow tests to run outside the original builddir
+* Allow the tests to run on read-only root
+ * Don't overwrite tests with true on success
+ * Change logfile path to /var/log
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
+
+---
+ test-suite/Makefile.am | 16 ++++++++--------
+ test-suite/test-squid-conf.sh | 2 +-
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am
+index 8becdbc..eccd49c 100644
+--- a/test-suite/Makefile.am
++++ b/test-suite/Makefile.am
+@@ -21,7 +21,7 @@ LDADD = \
+ EXTRA_PROGRAMS = mem_node_test splay
+
+ EXTRA_DIST = \
+- $(srcdir)/squidconf/* \
++ squidconf/* \
+ test-functionality.sh \
+ test-sources.sh \
+ test-squid-conf.sh \
+@@ -134,21 +134,21 @@ VirtualDeleteOperator_SOURCES = \
+
+ installcheck-local: squid-conf-tests
+
+-squid-conf-tests: $(srcdir)/test-squid-conf.sh $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*
+- @failed=0; cfglist="$(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*.conf"; rm -f $@ || $(TRUE); \
++squid-conf-tests: test-squid-conf.sh $(top_builddir)/src/squid.conf.default squidconf/*
++ @failed=0; cfglist="$(top_builddir)/src/squid.conf.default squidconf/*.conf"; rm -f $@ || $(TRUE); \
+ for cfg in $$cfglist ; do \
+- $(srcdir)/test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \
++ ./test-squid-conf.sh $(top_builddir) $(sbindir) $$cfg || \
+ { echo "FAIL: squid.conf test: $$cfg" | \
+ sed s%$(top_builddir)/src/%% | \
+- sed s%$(srcdir)/squidconf/%% ; \
++ sed s%squidconf/%% ; \
+ failed=1; break; \
+ }; \
+ if test "$$failed" -eq 0; then \
+ echo "PASS: squid.conf test: $$cfg" | \
+ sed s%$(top_builddir)/src/%% | \
+- sed s%$(srcdir)/squidconf/%% ; \
++ sed s%squidconf/%% ; \
+ else break; fi; \
+ done; \
+- if test "$$failed" -eq 0; then cp $(TRUE) $@ ; else exit 1; fi
++ exit "$$failed"
+
+-CLEANFILES += squid-conf-tests squid-stderr.log
++CLEANFILES += squid-conf-tests /var/log/squid-stderr.log
+diff --git a/test-suite/test-squid-conf.sh b/test-suite/test-squid-conf.sh
+index 05fcaf3..a5a8a5a 100755
+--- a/test-suite/test-squid-conf.sh
++++ b/test-suite/test-squid-conf.sh
+@@ -111,7 +111,7 @@ then
+ done < $instructionsFile
+ fi
+
+-errorLog="squid-stderr.log"
++errorLog="/var/log/squid-stderr.log"
+
+ $sbindir/squid -k parse -f $configFile 2> $errorLog
+ result=$?
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch
deleted file mode 100644
index 738e609..0000000
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Fix-flawed-dynamic-ldb-link-test-in-configure.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b73b802282bf95d214c86ba943c5765ba6930bc1 Mon Sep 17 00:00:00 2001
-From: Jim Somerville <Jim.Somerville@windriver.com>
-Date: Mon, 21 Oct 2013 12:50:44 -0400
-Subject: [PATCH] Fix flawed dynamic -ldb link test in configure
-
-The test uses dbopen, but just ignores the fact
-that this function may not exist in the db version
-used. This leads to the dynamic link test failing
-and the configure script just making assumptions
-about why and setting the need for -ldb incorrectly.
-
-Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
-
----
-Upstream-Status: Pending
-
- configure.ac | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index d2f7feb..c7ae568 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3268,6 +3268,16 @@ case "$host" in
- ;;
- esac
-
-+if test "x$ac_cv_have_decl_dbopen" = "xyes"; then
-+ dnl 1.85
-+ SQUID_CHECK_DBOPEN_NEEDS_LIBDB
-+else
-+ # dbopen isn't there. So instead of running a compile/link test that
-+ # uses it and is thus guaranteed to fail, we just assume that we will
-+ # need to link in the db library, rather than fabricate some other
-+ # dynamic compile/link test.
-+ ac_cv_dbopen_libdb="yes"
-+fi
- dnl System-specific library modifications
- dnl
- case "$host" in
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch
index ffb7371..ae8706d 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/Set-up-for-cross-compilation.patch
@@ -1,4 +1,4 @@
-From 995aaf30799fa972441354b6feb45f0621968929 Mon Sep 17 00:00:00 2001
+From c0be3192f608037682464bcb728e97f9d9b543aa Mon Sep 17 00:00:00 2001
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Wed, 16 Oct 2013 16:41:03 -0400
Subject: [PATCH] Set up for cross compilation
@@ -17,12 +17,12 @@
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
-index fe80ee0..57cd1ac 100644
+index ca0bc79..c222851 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -27,6 +27,7 @@ m4_include([acinclude/lib-checks.m4])
- m4_include([acinclude/ax_cxx_compile_stdcxx_11.m4])
- m4_include([acinclude/ax_cxx_0x_types.m4])
+@@ -29,6 +29,7 @@ m4_include([acinclude/tdb.m4])
+ m4_include([acinclude/lib-checks.m4])
+ m4_include([acinclude/ax_cxx_compile_stdcxx.m4])
+HOSTCXX="$BUILD_CXX"
PRESET_CFLAGS="$CFLAGS"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
index 1085333..5bb30bf 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/Skip-AC_RUN_IFELSE-tests.patch
@@ -1,4 +1,4 @@
-From e4778299a3e49a634d2c7fe4fd9ac77777e829e3 Mon Sep 17 00:00:00 2001
+From 050f8ab275a7a5f3d94045da6b15a2b63dfbeb3f Mon Sep 17 00:00:00 2001
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Tue, 14 Oct 2014 02:56:08 -0400
Subject: [PATCH] Skip AC_RUN_IFELSE tests
@@ -17,10 +17,10 @@
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/acinclude/krb5.m4 b/acinclude/krb5.m4
-index ad0ba60..4477446 100644
+index 2c4e340..64648e3 100644
--- a/acinclude/krb5.m4
+++ b/acinclude/krb5.m4
-@@ -61,7 +61,15 @@ main(void)
+@@ -57,7 +57,15 @@ main(void)
return 0;
}
@@ -35,13 +35,13 @@
+ dnl Can't test in cross compiled env - so assume good
+ squid_cv_broken_heimdal_krb5_h=no
])
+ SQUID_STATE_ROLLBACK(squid_krb5_heimdal_test)
])
- ]) dnl SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H
diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
-index 1e9333527c..2d42787029 100644
+index 53847a8..850322a 100644
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
-@@ -227,7 +227,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
+@@ -205,7 +205,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
[
AC_MSG_RESULT([no])
],
@@ -52,15 +52,14 @@
SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
])
-@@ -386,8 +386,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
- [
- AC_MSG_RESULT([yes])
- AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
-- ],
--[])
+@@ -347,7 +349,9 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
+ ],[
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
+- ],[])
+ ],[
+ AC_MSG_RESULT([skipped - can't test in cross-compiled env])
+ ])
- SQUID_STATE_ROLLBACK(check_TXTDB)
+ SQUID_STATE_ROLLBACK(check_TXTDB)
])
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest b/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest
index de79a29..8f8e28f 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/run-ptest
@@ -1,3 +1,4 @@
#!/bin/sh
#
+make -C test-suite -k squid-conf-tests
make -C test-suite -k runtest-TESTS
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch
deleted file mode 100644
index 124e044..0000000
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 702bd881b66dc034e711c0ff47805f2da40b6e0d Mon Sep 17 00:00:00 2001
-From: Yue Tao <yue.tao@windriver.com>
-Date: Mon, 8 Aug 2016 16:04:33 +0800
-Subject: [PATCH] Set the SYSROOT for libxml2 header file to avoid host
- contamination.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Yue Tao <yue.tao@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
-
----
- configure.ac | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 504a844..ff4688c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -931,15 +931,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then
- dnl Find the main header and include path...
- AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [
- AC_CHECK_HEADERS([libxml/parser.h], [], [
-- AC_MSG_NOTICE([Testing in /usr/include/libxml2])
-+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2])
- SAVED_CPPFLAGS="$CPPFLAGS"
-- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS"
-+ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS"
- unset ac_cv_header_libxml_parser_h
-- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/include/libxml2"], [
-- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2])
-- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS"
-+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/include/libxml2"], [
-+ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2])
-+ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS"
- unset ac_cv_header_libxml_parser_h
-- AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I/usr/local/include/libxml2"], [
-+ AC_CHECK_HEADERS([libxml/parser.h], [LIBXML2_CFLAGS="$LIBXML2_CFLAGS -I$SYSROOT/usr/local/include/libxml2"], [
- AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h])
- ])
- ])
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch b/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch
deleted file mode 100644
index ea27285..0000000
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 8786b91488dae3f6dfeadd686e80d2ffc5c29320 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 25 Aug 2016 15:22:57 +0800
-Subject: [PATCH] squid: don't do squid-conf-tests at build time
-
-* squid-conf-tests is a test to run "squid -k parse -f"
- to perse the config files, which should not be run
- at build time since we are cross compiling, so remove
- it but it will be added back for the runtime ptest.
-
-* Fix the directories of the conf files for squid-conf-tests
- so that it can run on the target board.
-
-Upstream-Status: Inappropriate [cross compile specific]
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- test-suite/Makefile.am | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am
-index 0233c0e..e0021b6 100644
---- a/test-suite/Makefile.am
-+++ b/test-suite/Makefile.am
-@@ -40,8 +40,7 @@ TESTS += debug \
- splay\
- mem_node_test\
- mem_hdr_test\
-- $(ESI_TESTS) \
-- squid-conf-tests
-+ $(ESI_TESTS)
-
- ## Sort by alpha - any build failures are significant.
- check_PROGRAMS += debug \
-@@ -159,19 +158,19 @@ VirtualDeleteOperator_SOURCES = \
- ##$(TARGLIB): $(LIBOBJS)
- ## $(AR_R) $(TARGLIB) $(LIBOBJS)
-
--squid-conf-tests: $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/*
-+squid-conf-tests: $(sysconfdir)/squid.conf.default squidconf/*
- @failed=0; cfglist="$?"; rm -f $@ || $(TRUE); \
- for cfg in $$cfglist ; do \
-- $(top_builddir)/src/squid -k parse -f $$cfg || \
-+ squid -k parse -f $$cfg || \
- { echo "FAIL: squid.conf test: $$cfg" | \
-- sed s%$(top_builddir)/src/%% | \
-- sed s%$(srcdir)/squidconf/%% ; \
-+ sed s%$(sysconfdir)/%% | \
-+ sed s%squidconf/%% ; \
- failed=1; break; \
- }; \
- if test "$$failed" -eq 0; then \
- echo "PASS: squid.conf test: $$cfg" | \
-- sed s%$(top_builddir)/src/%% | \
-- sed s%$(srcdir)/squidconf/%% ; \
-+ sed s%$(sysconfdir)/%% | \
-+ sed s%squidconf/%% ; \
- else break; fi; \
- done; \
- if test "$$failed" -eq 0; then cp $(TRUE) $@ ; fi
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid.nm b/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid.nm
new file mode 100644
index 0000000..b58ee11
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid.nm
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+ up|down|vpn-up|vpn-down)
+ systemctl -q reload squid.service || :
+ ;;
+esac
diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_5.7.bb b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.5.bb
similarity index 66%
rename from meta-openembedded/meta-networking/recipes-daemons/squid/squid_5.7.bb
rename to meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.5.bb
index 2a5de18..8d5d1a3 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_5.7.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.5.bb
@@ -15,25 +15,24 @@
SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 \
file://Set-up-for-cross-compilation.patch \
file://Skip-AC_RUN_IFELSE-tests.patch \
- file://Fix-flawed-dynamic-ldb-link-test-in-configure.patch \
file://squid-use-serial-tests-config-needed-by-ptest.patch \
file://run-ptest \
file://volatiles.03_squid \
- file://set_sysroot_patch.patch \
- file://squid-don-t-do-squid-conf-tests-at-build-time.patch \
file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \
+ file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \
+ file://squid.nm \
"
SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
-SRC_URI[sha256sum] = "4c17e1eb324c4b7aa3c6889eba66eeca7ed98625d44076f7db7b027b2b093bd5"
+SRC_URI[sha256sum] = "99acd54ec9d68b2a9080d19fcc43eca1a245146cf162dbba689510d01e6d0f25"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://errors/COPYRIGHT;md5=0a7deb73d8fb7a9849af7145987829a4 \
+ file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \
"
-DEPENDS = "libtool krb5 openldap db cyrus-sasl"
+DEPENDS = "libtool"
-inherit autotools pkgconfig useradd ptest perlnative
+inherit autotools pkgconfig useradd ptest perlnative systemd
LDFLAGS:append:mipsarch = " -latomic"
LDFLAGS:append:powerpc = " -latomic"
@@ -43,20 +42,31 @@
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --no-create-home --home-dir /var/run/squid --shell /bin/false --user-group squid"
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
- "
+PACKAGECONFIG ??= "auth url-rewrite-helpers \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+"
+
PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir}, --without-netfilter-conntrack, libnetfilter-conntrack"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[werror] = "--enable-strict-error-checking,--disable-strict-error-checking,"
PACKAGECONFIG[esi] = "--enable-esi,--disable-esi,expat libxml2"
PACKAGECONFIG[ssl] = "--with-openssl=yes,--with-openssl=no,openssl"
+PACKAGECONFIG[auth] = "--enable-auth-basic='${BASIC_AUTH}',--disable-auth --disable-auth-basic,krb5 openldap db cyrus-sasl"
+PACKAGECONFIG[url-rewrite-helpers] = "--enable-url-rewrite-helpers,--disable-url-rewrite-helpers,"
+PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd"
+
+PACKAGES =+ " \
+ ${PN}-conf \
+ ${PN}-networkmanager \
+"
BASIC_AUTH = "DB SASL LDAP"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
BASIC_AUTH += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}"
-EXTRA_OECONF += "--with-default-user=squid --enable-auth-basic='${BASIC_AUTH}' \
+EXTRA_OECONF += "--with-default-user=squid \
--sysconfdir=${sysconfdir}/${BPN} \
--with-logdir=${localstatedir}/log/${BPN} \
'PERL=${USRBINPATH}/env perl'"
@@ -81,29 +91,29 @@
cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH}
cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH}
- # Needed to generate file squid.conf.default
- oe_runmake DESTDIR=${D}${PTEST_PATH} -C src install-data-local
- install -d ${D}${sysconfdir}/squid
- install -m 0644 ${D}${PTEST_PATH}/${sysconfdir}/squid/squid.conf.default ${D}${sysconfdir}/squid
+ # Install default config
+ install -d ${D}${PTEST_PATH}/src
+ install -m 0644 ${B}/src/squid.conf.default ${D}${PTEST_PATH}/src
- # Don't need these directories
- rm -rf ${D}${PTEST_PATH}/${sysconfdir}
- rm -rf ${D}${PTEST_PATH}/usr
- rm -rf ${D}${PTEST_PATH}/var
+ # autoconf.h is needed during squid-conf-tests
+ install -d ${D}${PTEST_PATH}/include
+ install -m 0644 ${B}/include/autoconf.h ${D}${PTEST_PATH}/include
# do NOT need to rebuild Makefile itself
sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile
- # Add squid-conf-tests for runtime tests
- sed -e 's/^\(runtest-TESTS:\)/\1 squid-conf-tests/' \
- -i ${D}${PTEST_PATH}/${TESTDIR}/Makefile
-
# Ensure the path for command true is correct
sed -i 's:^TRUE = .*$:TRUE = /bin/true:' ${D}${PTEST_PATH}/${TESTDIR}/Makefile
}
do_install:append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # Install service unit file
+ install -d ${D}/${systemd_unitdir}/system
+ install ${S}/tools/systemd/squid.service ${D}/${systemd_unitdir}/system
+ sed -i 's:/var/run/:/run/:g' ${D}/${systemd_unitdir}/system/squid.service
+
+ # Configure tmpfiles.d
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d ${localstatedir}/run/${BPN} 0755 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
echo "d ${localstatedir}/log/${BPN} 0750 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
@@ -117,12 +127,20 @@
rmdir "${D}${localstatedir}/log/${BPN}"
rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/log"
+
+ # Install NetworkManager dispatcher reload hooks
+ install -d ${D}${libdir}/NetworkManager/dispatcher.d
+ install -m 0755 ${WORKDIR}/squid.nm ${D}${libdir}/NetworkManager/dispatcher.d/20-squid
}
+SYSTEMD_AUTO_ENABLE = "disable"
+SYSTEMD_SERVICE:${PN} = "squid.service"
+
FILES:${PN} += "${libdir} ${datadir}/errors ${datadir}/icons"
FILES:${PN}-dbg += "/usr/src/debug"
FILES:${PN}-doc += "${datadir}/*.txt"
-FILES:${PN}-ptest += "${sysconfdir}/squid/squid.conf.default"
+FILES:${PN}-conf += "${sysconfdir}/squid"
+FILES:${PN}-networkmanager = "${libdir}/NetworkManager/dispatcher.d"
-RDEPENDS:${PN} += "perl"
+RDEPENDS:${PN} += "perl ${PN}-conf"
RDEPENDS:${PN}-ptest += "perl make"
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
deleted file mode 100644
index 3e93cf3..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-tools-make-quiet-actually-suppress-output.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 312d5ee1592f8c5b616d330233d1de2643f759e2 Mon Sep 17 00:00:00 2001
-From: Jonas Gorski <jonas.gorski@bisdn.de>
-Date: Thu, 14 Sep 2023 17:04:16 +0200
-Subject: [PATCH] tools: make --quiet actually suppress output
-
-When calling daemon_stop() with --quiet and e.g. the pidfile is empty,
-it won't return early since while "$fail" is set, "$2" is "--quiet", so
-the if condition isn't met and it will continue executing, resulting
-in error messages in the log:
-
-> Sep 14 14:48:33 localhost watchfrr[2085]: [YFT0P-5Q5YX] Forked background command [pid 2086]: /usr/lib/frr/watchfrr.sh restart all
-> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
-> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
-> Sep 14 14:48:33 localhost frrinit.sh[2075]: /usr/lib/frr/frrcommon.sh: line 216: kill: `': not a pid or valid job spec
-
-Fix this by moving the --quiet check into the block to log_failure_msg(),
-and also add the check to all other invocations of log_*_msg() to make
---quiet properly suppress output.
-
-Fixes: 19a99d89f088 ("tools: suppress unuseful warnings during restarting frr")
-Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/312d5ee1592f8c5b616d330233d1de2643f759e2]
----
- tools/frrcommon.sh.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in
-index f1f70119097e..00b63a78e2bc 100755
---- a/tools/frrcommon.sh.in
-+++ b/tools/frrcommon.sh.in
-@@ -207,8 +207,8 @@ daemon_stop() {
- [ -z "$fail" -a -z "$pid" ] && fail="pid file is empty"
- [ -n "$fail" ] || kill -0 "$pid" 2>/dev/null || fail="pid $pid not running"
-
-- if [ -n "$fail" ] && [ "$2" != "--quiet" ]; then
-- log_failure_msg "Cannot stop $dmninst: $fail"
-+ if [ -n "$fail" ]; then
-+ [ "$2" = "--quiet" ] || log_failure_msg "Cannot stop $dmninst: $fail"
- return 1
- fi
-
-@@ -220,11 +220,11 @@ daemon_stop() {
- [ $(( cnt -= 1 )) -gt 0 ] || break
- done
- if kill -0 "$pid" 2>/dev/null; then
-- log_failure_msg "Failed to stop $dmninst, pid $pid still running"
-+ [ "$2" = "--quiet" ] || log_failure_msg "Failed to stop $dmninst, pid $pid still running"
- still_running=1
- return 1
- else
-- log_success_msg "Stopped $dmninst"
-+ [ "$2" = "--quiet" ] || log_success_msg "Stopped $dmninst"
- rm -f "$pidfile"
- return 0
- fi
---
-2.42.0
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
deleted file mode 100644
index e1f3024..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From b08afc81c60607a4f736f418f2e3eb06087f1a35 Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Fri, 20 Oct 2023 17:49:18 +0300
-Subject: [PATCH] bgpd: Handle MP_REACH_NLRI malformed packets with session
- reset
-
-Avoid crashing bgpd.
-
-```
-(gdb)
-bgp_mp_reach_parse (args=<optimized out>, mp_update=0x7fffffffe140) at bgpd/bgp_attr.c:2341
-2341 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN);
-(gdb)
-stream_get (dst=0x7fffffffe1ac, s=0x7ffff0006e80, size=16) at lib/stream.c:320
-320 {
-(gdb)
-321 STREAM_VERIFY_SANE(s);
-(gdb)
-323 if (STREAM_READABLE(s) < size) {
-(gdb)
-34 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
-(gdb)
-
-Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault.
-0x00005555556e37be in route_set_aspath_prepend (rule=0x555555aac0d0, prefix=0x7fffffffe050,
- object=0x7fffffffdb00) at bgpd/bgp_routemap.c:2282
-2282 if (path->attr->aspath->refcnt)
-(gdb)
-```
-
-With the configuration:
-
-```
- neighbor 127.0.0.1 remote-as external
- neighbor 127.0.0.1 passive
- neighbor 127.0.0.1 ebgp-multihop
- neighbor 127.0.0.1 disable-connected-check
- neighbor 127.0.0.1 update-source 127.0.0.2
- neighbor 127.0.0.1 timers 3 90
- neighbor 127.0.0.1 timers connect 1
- address-family ipv4 unicast
- redistribute connected
- neighbor 127.0.0.1 default-originate
- neighbor 127.0.0.1 route-map RM_IN in
- exit-address-family
-!
-route-map RM_IN permit 10
- set as-path prepend 200
-exit
-```
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35]
-CVE: CVE-2023-46752
-Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
----
- bgpd/bgp_attr.c | 6 +-----
- bgpd/bgp_attr.h | 1 -
- bgpd/bgp_packet.c | 6 +-----
- 3 files changed, 2 insertions(+), 11 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 6925aff727e2..e7bb42a5d989 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -2421,7 +2421,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args,
-
- mp_update->afi = afi;
- mp_update->safi = safi;
-- return BGP_ATTR_PARSE_EOR;
-+ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0);
- }
-
- mp_update->afi = afi;
-@@ -3759,10 +3759,6 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
- goto done;
- }
-
-- if (ret == BGP_ATTR_PARSE_EOR) {
-- goto done;
-- }
--
- if (ret == BGP_ATTR_PARSE_ERROR) {
- flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR,
- "%s: Attribute %s, parse error", peer->host,
-diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
-index 961e5f122470..fc347e7a1b4b 100644
---- a/bgpd/bgp_attr.h
-+++ b/bgpd/bgp_attr.h
-@@ -364,7 +364,6 @@ enum bgp_attr_parse_ret {
- /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
- */
- BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
-- BGP_ATTR_PARSE_EOR = -4,
- };
-
- struct bpacket_attr_vec_arr;
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index b585591e2f69..5ecf343b6657 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2397,8 +2397,7 @@ static int bgp_update_receive(struct peer_connection *connection,
- * Non-MP IPv4/Unicast EoR is a completely empty UPDATE
- * and MP EoR should have only an empty MP_UNREACH
- */
-- if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0)
-- || (attr_parse_ret == BGP_ATTR_PARSE_EOR)) {
-+ if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) {
- afi_t afi = 0;
- safi_t safi;
- struct graceful_restart_info *gr_info;
-@@ -2419,9 +2418,6 @@ static int bgp_update_receive(struct peer_connection *connection,
- && nlris[NLRI_MP_WITHDRAW].length == 0) {
- afi = nlris[NLRI_MP_WITHDRAW].afi;
- safi = nlris[NLRI_MP_WITHDRAW].safi;
-- } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) {
-- afi = nlris[NLRI_MP_UPDATE].afi;
-- safi = nlris[NLRI_MP_UPDATE].safi;
- }
-
- if (afi && peer->afc[afi][safi]) {
---
-2.42.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
deleted file mode 100644
index 6bf159a..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From d8482bf011cb2b173e85b65b4bf3d5061250cdb9 Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Mon, 23 Oct 2023 23:34:10 +0300
-Subject: [PATCH] bgpd: Check mandatory attributes more carefully for UPDATE
- message
-
-If we send a crafted BGP UPDATE message without mandatory attributes, we do
-not check if the length of the path attributes is zero or not. We only check
-if attr->flag is at least set or not. Imagine we send only unknown transit
-attribute, then attr->flag is always 0. Also, this is true only if graceful-restart
-capability is received.
-
-A crash:
-
-```
-bgpd[7834]: [TJ23Y-GY0RH] 127.0.0.1 Unknown attribute is received (type 31, length 16)
-bgpd[7834]: [PCFFM-WMARW] 127.0.0.1(donatas-pc) rcvd UPDATE wlen 0 attrlen 20 alen 17
-BGP[7834]: Received signal 11 at 1698089639 (si_addr 0x0, PC 0x55eefd375b4a); aborting...
-BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_backtrace_sigsafe+0x6d) [0x7f3205ca939d]
-BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_signal+0xf3) [0x7f3205ca9593]
-BGP[7834]: /usr/local/lib/libfrr.so.0(+0xf5181) [0x7f3205cdd181]
-BGP[7834]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12980) [0x7f3204ff3980]
-BGP[7834]: /usr/lib/frr/bgpd(+0x18ab4a) [0x55eefd375b4a]
-BGP[7834]: /usr/local/lib/libfrr.so.0(route_map_apply_ext+0x310) [0x7f3205cd1290]
-BGP[7834]: /usr/lib/frr/bgpd(+0x163610) [0x55eefd34e610]
-BGP[7834]: /usr/lib/frr/bgpd(bgp_update+0x9a5) [0x55eefd35c1d5]
-BGP[7834]: /usr/lib/frr/bgpd(bgp_nlri_parse_ip+0xb7) [0x55eefd35e867]
-BGP[7834]: /usr/lib/frr/bgpd(+0x1555e6) [0x55eefd3405e6]
-BGP[7834]: /usr/lib/frr/bgpd(bgp_process_packet+0x747) [0x55eefd345597]
-BGP[7834]: /usr/local/lib/libfrr.so.0(event_call+0x83) [0x7f3205cef4a3]
-BGP[7834]: /usr/local/lib/libfrr.so.0(frr_run+0xc0) [0x7f3205ca10a0]
-BGP[7834]: /usr/lib/frr/bgpd(main+0x409) [0x55eefd2dc979]
-```
-
-Sending:
-
-```
-import socket
-import time
-
-OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
-b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
-b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
-b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
-b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
-b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
-b"\x80\x00\x00\x00")
-
-KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
-b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
-
-UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff003c0200000014ff1f001000040146464646460004464646464646664646f50d05800100010200ffff000000")
-
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.connect(('127.0.0.2', 179))
-s.send(OPEN)
-data = s.recv(1024)
-s.send(KEEPALIVE)
-data = s.recv(1024)
-s.send(UPDATE)
-data = s.recv(1024)
-time.sleep(1000)
-s.close()
-```
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9]
-CVE: CVE-2023-46753
-Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
----
- bgpd/bgp_attr.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index e7bb42a5d989..cf2dbe65b805 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -3385,13 +3385,15 @@ bgp_attr_unknown(struct bgp_attr_parser_args *args)
- }
-
- /* Well-known attribute check. */
--static int bgp_attr_check(struct peer *peer, struct attr *attr)
-+static int bgp_attr_check(struct peer *peer, struct attr *attr,
-+ bgp_size_t length)
- {
- uint8_t type = 0;
-
- /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
- * empty UPDATE. */
-- if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag)
-+ if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
-+ !length)
- return BGP_ATTR_PARSE_PROCEED;
-
- /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
-@@ -3443,7 +3445,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
- enum bgp_attr_parse_ret ret;
- uint8_t flag = 0;
- uint8_t type = 0;
-- bgp_size_t length;
-+ bgp_size_t length = 0;
- uint8_t *startp, *endp;
- uint8_t *attr_endp;
- uint8_t seen[BGP_ATTR_BITMAP_SIZE];
-@@ -3831,7 +3833,7 @@ enum bgp_attr_parse_ret bgp_attr_parse(struct peer *peer, struct attr *attr,
- }
-
- /* Check all mandatory well-known attributes are present */
-- ret = bgp_attr_check(peer, attr);
-+ ret = bgp_attr_check(peer, attr, length);
- if (ret < 0)
- goto done;
-
---
-2.42.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
deleted file mode 100644
index 754f934..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From c37119df45bbf4ef713bc10475af2ee06e12f3bf Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Sun, 29 Oct 2023 22:44:45 +0200
-Subject: [PATCH] bgpd: Ignore handling NLRIs if we received MP_UNREACH_NLRI
-
-If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if
-no mandatory path attributes received.
-
-In other words, if MP_UNREACH_NLRI received, the remaining NLRIs should be handled
-as a new data, but without mandatory attributes, it's a malformed packet.
-
-In normal case, this MUST not happen at all, but to avoid crashing bgpd, we MUST
-handle that.
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf]
-CVE: CVE-2023-47234
-Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
----
- bgpd/bgp_attr.c | 19 ++++++++++---------
- bgpd/bgp_attr.h | 1 +
- bgpd/bgp_packet.c | 7 ++++++-
- 3 files changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index 1473dc772502..75aa2ac7cce6 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -3399,15 +3399,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
- !length)
- return BGP_ATTR_PARSE_WITHDRAW;
-
-- /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
-- to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
-- are present, it should. Check for any other attribute being present
-- instead.
-- */
-- if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
-- CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))))
-- return BGP_ATTR_PARSE_PROCEED;
--
- if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN)))
- type = BGP_ATTR_ORIGIN;
-
-@@ -3426,6 +3417,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
- && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF)))
- type = BGP_ATTR_LOCAL_PREF;
-
-+ /* An UPDATE message that contains the MP_UNREACH_NLRI is not required
-+ * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI
-+ * are present, it should. Check for any other attribute being present
-+ * instead.
-+ */
-+ if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) &&
-+ CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))
-+ return type ? BGP_ATTR_PARSE_MISSING_MANDATORY
-+ : BGP_ATTR_PARSE_PROCEED;
-+
- /* If any of the well-known mandatory attributes are not present
- * in an UPDATE message, then "treat-as-withdraw" MUST be used.
- */
-diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
-index fc347e7a1b4b..d30155e6dba0 100644
---- a/bgpd/bgp_attr.h
-+++ b/bgpd/bgp_attr.h
-@@ -364,6 +364,7 @@ enum bgp_attr_parse_ret {
- /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR
- */
- BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3,
-+ BGP_ATTR_PARSE_MISSING_MANDATORY = -4,
- };
-
- struct bpacket_attr_vec_arr;
-diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
-index a7514a26aa64..5dc35157ebf6 100644
---- a/bgpd/bgp_packet.c
-+++ b/bgpd/bgp_packet.c
-@@ -2359,7 +2359,12 @@ static int bgp_update_receive(struct peer_connection *connection,
- /* Network Layer Reachability Information. */
- update_len = end - stream_pnt(s);
-
-- if (update_len && attribute_len) {
-+ /* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then
-+ * NLRIs should be handled as a new data. Though, if we received
-+ * NLRIs without mandatory attributes, they should be ignored.
-+ */
-+ if (update_len && attribute_len &&
-+ attr_parse_ret != BGP_ATTR_PARSE_MISSING_MANDATORY) {
- /* Set NLRI portion to structure. */
- nlris[NLRI_UPDATE].afi = AFI_IP;
- nlris[NLRI_UPDATE].safi = SAFI_UNICAST;
---
-2.42.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
deleted file mode 100644
index b06ba94..0000000
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 6814f2e0138a6ea5e1f83bdd9085d9a77999900b Mon Sep 17 00:00:00 2001
-From: Donatas Abraitis <donatas@opensourcerouting.org>
-Date: Fri, 27 Oct 2023 11:56:45 +0300
-Subject: [PATCH] bgpd: Treat EOR as withdrawn to avoid unwanted handling of
- malformed attrs
-
-Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be
-processed as a normal UPDATE without mandatory attributes, that could lead
-to harmful behavior. In this case, a crash for route-maps with the configuration
-such as:
-
-```
-router bgp 65001
- no bgp ebgp-requires-policy
- neighbor 127.0.0.1 remote-as external
- neighbor 127.0.0.1 passive
- neighbor 127.0.0.1 ebgp-multihop
- neighbor 127.0.0.1 disable-connected-check
- neighbor 127.0.0.1 update-source 127.0.0.2
- neighbor 127.0.0.1 timers 3 90
- neighbor 127.0.0.1 timers connect 1
- !
- address-family ipv4 unicast
- neighbor 127.0.0.1 addpath-tx-all-paths
- neighbor 127.0.0.1 default-originate
- neighbor 127.0.0.1 route-map RM_IN in
- exit-address-family
-exit
-!
-route-map RM_IN permit 10
- set as-path prepend 200
-exit
-```
-
-Send a malformed optional transitive attribute:
-
-```
-import socket
-import time
-
-OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
-b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02"
-b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02"
-b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00"
-b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d"
-b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01"
-b"\x80\x00\x00\x00")
-
-KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
-b"\xff\xff\xff\xff\xff\xff\x00\x13\x04")
-
-UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b")
-
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.connect(('127.0.0.2', 179))
-s.send(OPEN)
-data = s.recv(1024)
-s.send(KEEPALIVE)
-data = s.recv(1024)
-s.send(UPDATE)
-data = s.recv(1024)
-time.sleep(100)
-s.close()
-```
-
-Reported-by: Iggy Frankovic <iggyfran@amazon.com>
-Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
-Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b]
-CVE: CVE-2023-47235
-Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
----
- bgpd/bgp_attr.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
-index cf2dbe65b805..1473dc772502 100644
---- a/bgpd/bgp_attr.c
-+++ b/bgpd/bgp_attr.c
-@@ -3391,10 +3391,13 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr,
- uint8_t type = 0;
-
- /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an
-- * empty UPDATE. */
-+ * empty UPDATE. Treat-as-withdraw, otherwise if we just ignore it,
-+ * we will pass it to be processed as a normal UPDATE without mandatory
-+ * attributes, that could lead to harmful behavior.
-+ */
- if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag &&
- !length)
-- return BGP_ATTR_PARSE_PROCEED;
-+ return BGP_ATTR_PARSE_WITHDRAW;
-
- /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required
- to carry any other path attributes.", though if MP_REACH_NLRI or NLRI
-@@ -3889,7 +3892,13 @@ done:
- aspath_unintern(&as4_path);
-
- transit = bgp_attr_get_transit(attr);
-- if (ret != BGP_ATTR_PARSE_ERROR) {
-+ /* If we received an UPDATE with mandatory attributes, then
-+ * the unrecognized transitive optional attribute of that
-+ * path MUST be passed. Otherwise, it's an error, and from
-+ * security perspective it might be very harmful if we continue
-+ * here with the unrecognized attributes.
-+ */
-+ if (ret == BGP_ATTR_PARSE_PROCEED) {
- /* Finally intern unknown attribute. */
- if (transit)
- bgp_attr_set_transit(attr, transit_intern(transit));
---
-2.42.1
-
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.1.bb
similarity index 93%
rename from meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
rename to meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.1.bb
index c447df0..9db6710 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.0.1.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_9.1.bb
@@ -11,16 +11,11 @@
PR = "r1"
-SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.0 \
+SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/9.1 \
file://frr.pam \
- file://0001-tools-make-quiet-actually-suppress-output.patch \
- file://CVE-2023-46752.patch \
- file://CVE-2023-46753.patch \
- file://CVE-2023-47235.patch \
- file://CVE-2023-47234.patch \
"
-SRCREV = "31ed3dd753d62b5d8916998bc32814007e91364b"
+SRCREV = "312faf8008bb4f3b9e84b8e2758cd2cbdf5742b5"
UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P<pver>\d+(\.\d+)+)$"
diff --git a/meta-openembedded/meta-networking/recipes-support/spice/libcacard_2.8.1.bb b/meta-openembedded/meta-networking/recipes-support/spice/libcacard_2.8.1.bb
index c81322e..65f2f80 100644
--- a/meta-openembedded/meta-networking/recipes-support/spice/libcacard_2.8.1.bb
+++ b/meta-openembedded/meta-networking/recipes-support/spice/libcacard_2.8.1.bb
@@ -11,3 +11,7 @@
S = "${WORKDIR}/git"
inherit meson pkgconfig
+
+do_configure:prepend() {
+ echo ${PV} > ${S}/.tarball-version
+}
diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb
index 3d34f22..82ce706 100644
--- a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb
+++ b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb
@@ -52,6 +52,10 @@
GTKDOC_MESON_ENABLE_FLAG = 'enabled'
GTKDOC_MESON_DISABLE_FLAG = 'disabled'
+do_configure:prepend() {
+ echo ${PV} > ${S}/.tarball-version
+}
+
PACKAGECONFIG ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)} smartcard"
PACKAGECONFIG[vapi] = "-Dvapi=enabled,-Dvapi=disabled"
PACKAGECONFIG[smartcard] = "-Dsmartcard=enabled,-Dsmartcard=disabled,libcacard"
diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
index a1f3010..419316a 100644
--- a/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-openembedded/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,10 @@
export PYTHON="${STAGING_BINDIR_NATIVE}/python3-native/python3"
+do_configure:prepend() {
+ echo ${PV} > ${S}/.tarball-version
+}
+
PACKAGECONFIG:class-native = ""
PACKAGECONFIG:class-nativesdk = ""
PACKAGECONFIG ?= "sasl opus smartcard gstreamer"